• Investing $3.6B in R&D
• Serves +75% of Fortune Global 100
• Title Sponsor Since 2019
NTT is one of the largest global technology and business solutions companies, with a 150+
year heritage of innovation. Ranked one of the world’s most valuable brands, it is the
holding company for all NTT businesses worldwide, including NTT DATA.
NTT DATA is a top 10 global business and IT services provider with business operations in
more than 50 countries and regions. The parent of NTT DATA Services, the business was
established in 1967 as the IT services arm of NTT and became a public company in 1995.
• Hybrid Infrastructure
• Data & Intelligence
• Cloud Transformation
• BPO & BPaaS
• Managed Services
[Diagram labels: HR apps; Cloud-hosted apps; Azure AD; On-premises and web apps; On-premises Active Directory]
End-to-End Azure AD Capability: Empowering Clients with Technology Solutions
Driving Application Adoption
• Compare methods for delivering applications to end users via Azure AD.
• Discuss Single Sign On (SSO) and provisioning users into 3rd party apps
• Review use of Azure AD authentication in building customer applications
• Output – identify key LOB apps that can leverage AAD SSO and implementation strategy

Engage with External Users
• Determine use cases for external partners and customers requiring access to internal resources
• Design options for B2B and B2C scenarios
• Output - defined policies that meet data security and identity lifecycle manageability objectives

Securing Identities
• Discuss use of self-service password reset, Multifactor authentication, Conditional Access, Privileged Identity Management and Managed Identities in Azure AD to ensure security of user and admin accounts
• Output - agree on set of technical controls to design and implement for identity protection

Design Guide
• Summarize all gathered intel & established parameters, configuration details and data.
• Output - a design guide, architectural diagram and an implementation plan combining your requirements and NTT best-practices
Build - Overview of the NTT DATA Azure Active Directory Implementation Phases
PHASE 1: Build a Foundation of Security
• Define privileged roles in Azure AD, such as global admin, as well as non-global administrative roles, and enable Privileged Identity Management to track usage of roles.
• Configure Self-Service Password Reset for users
• Configure password policies, banned passwords and enable on-premises integration for password protection
• Configure MFA and Conditional Access baseline
• Enable Azure AD Identity Protection to track risky sign-ins and compromised user passwords

PHASE 2: Import users, enable synchronization and manage devices
• Install Azure AD Connect and Azure AD Connect Health
• Enable password hash sync and password writeback
• Assign licensing to users
• Create plan for external user access
• Decide on device management strategy
• Deploy Windows Hello for Business in organization
• Deploy Passwordless authentication methods for users

PHASE 3: Manage applications
• Identify on-premises, SaaS and other Line of Business applications to see if they can be managed by Azure AD
• Integrate supported SaaS applications that exist in the Azure portal
• Deploy and configure Azure AD Application Proxy to integrate access to on-premises applications

PHASE 4: Audit privileged identities, complete access reviews, manage user lifecycle
• Enforce the use of Privileged Identity Management
• Complete access review for Azure AD directory roles in Privileged Identity Management
• Implement dynamic group membership policies
• Implement group-based application provisioning for SaaS applications
• Automate user provisioning and deprovisioning for HR systems and Azure AD
Enabling Controls
Assess usage and performance patterns from the captured alerts established during the preceding phases to validate the controls meet the
objectives. Configure governance controls based on required modifications as indicated during the testing process.
Run - NTT DATA Azure Active Directory Managed Services
Operational Support
Operational support to ensure Azure Active Directory is operating efficiently. We monitor for threats and provide remediation to help mitigate exposure to risk.
• Maintain Azure AD Connect servers and ADFS infrastructure
• Regularly execute and triage IdFix reports, ensuring healthy directory synchronizations
• Triage Azure AD Connect Health Alerts for Sync and ADFS
• Manage user identities, including:
  • Group memberships
  • Assignment of licenses
  • Assign users to enterprise applications
  • CRUD (create, read, update, delete) operations
• Manage access by external users
• Manage device joins and removal from Azure AD or Hybrid Azure AD.
• Configure Conditional Access policies
• Monitor authentication logs for anomalies or login problems on:
  • Azure AD App Proxy Connectors
  • Passthrough Auth Agents
  • Password Writeback Service
  • On-premises password protection gateway

Optimization Support
Continual improvement efforts to consistently improve the client’s security posture
On a monthly basis:
• Drive improvements to Identity Secure Score
• Manage lifecycle of SSO config for Azure AD
• Triage and investigate security and risk events
• Review and design catalogs and access packages for applications and resources
• Assign users to access packages in line with security policies
• Review approval workflows regularly to ensure the proper approvers are included
• Design and implement Conditional Access policies
On a quarterly basis:
• Regularly review access to enterprise applications
• Regularly review access to directory by external identities
• Review who has been granted access to privileged roles
• Review steps for defining security gates for activation of privileged roles
• Review consent grants to applications

Audit Support
Support client-led audit preparations for compliance or security program-related efforts
Audit assistance on up to a biannual basis. Such tasks may include:
• Review proper application of technical compliance controls in Azure AD if customer is subject to regulation
• Ensure Azure AD audit logs, including sign-in activity and risk events are being archived to a SIEM for historical reference
• Export data from Azure AD upon request
• Off-band reporting per client-directed requirements
Did you know?
DO and CDTS
Platform Specialists - Cybersecurity Pre-Sales Advisors
Advisory, Implementation and
Managed Services
Rich Darrell
Scott Benson Public Sector,
Healthplan Life Brian Eckert Aligned by SBU and Integrated with SBU
Emerging
Sciences Accounts specific selling process
Account Planning
Stan Riemer Thought Leadership
Robert Laviolette
Manufacturing TBH International Contact the team:
Business/FSI
securitysales@nttdata.com Sales Pursuits